Microsoft bins unloved Chinese cert shops

WoSign and StartCom banished from Windows 10

Microsoft's decided not to support digital certificates issued by Chinese outfits WoSign and StartCom, but the first-mentioned CA disputes the decision.

Google, Apple and Mozilla binned WoSign certs in 2016.

Microsoft says it has now “... concluded that the Chinese Certificate Authorities (CAs) WoSign and StartCom have failed to maintain the standards required by our Trusted Root Program.”

“Observed unacceptable security practices include back-dating SHA-1 certificates, mis-issuances of certificates, accidental certificate revocation, duplicate certificate serial numbers, and multiple CAB Forum Baseline Requirements (BR) violations.”

The decision means that “Windows 10 will not trust any new certificates from these CAs after September 2017” and allow “natural deprecation of WoSign and StartCom certificates by setting a “NotBefore” date of 26 September 2017.”

WoSign has labelled Microsoft's post “misleading”. In a post we've shoved through online translation engines, the company says its replaced its root certificate in November and that its recent certificates present no risk to users. StartCom's online presences are silent on the matter. The company claims to be "the 6th biggest CA in the world, securing more than half a million websites worldwide." ®

Sponsored: The Joy and Pain of Buying IT - Have Your Say


Biting the hand that feeds IT © 1998–2017